Mobile Devices and Protocols Min Song, Old Dominion University

Introduction Mobile Device Families Mobile Handsets Mobile PCs Mobile Protocols Peer-to-Peer Protocols Client/Server Protocols Mobile Devices Security and Measures Security Attacks on Mobile Devices User-Mobile Level Security Measures Mobile Data and Applications Level Security Measures

1 1 1 3 4 4 6 8 8 8

Network Communications Level Security Measures Mobile Device Mobility Management Handoff Management Location Management Roaming Management Conclusions and Future Trends Glossary Cross References References

9 10 10 10 12 12 12 13 13

9

INTRODUCTION

MOBILE DEVICE FAMILIES

Mobile devices are used for information generation, delivery, storage, and management; they can be carried and moved with ease. The mobile device market has extremely heterogeneous brands. They range from simple cellular phones to powerful laptop PCs. Generally speaking, however, they share similar physical characteristics, such as small screen size, short battery lifetime, limited input/output capability, limited computing power, and low network bandwidth. Nevertheless, mobile devices have become one of the fastest growing segments of the computer industry and will become the predominant medium for Internet access. There are two primary reasons for this trend. First, people want to communicate anytime and anywhere; and second, the rapid growth of wireless local area networks (WLAN) and new wireless transmission technologies have enabled higher connectivity. This chapter provides an overview of two mobile device families. Each family is introduced from the following perspectives:

Based on the main functionalities and the form factors, we classify mobile devices into two families as listed in Table 1. The first family includes mobile handsets, such as Web-enabled phones, personal digital assistants (PDAs), pagers, and portable storage devices. The second family includes mobile PCs, such as laptop PCs and tablet PCs. For a quick comparison among these mobile devices, Table 1 also provides the distinguished features of each device. It should be noted, however, that this list is not exhaustive: there are many other mobile devices available on the market. Next, we describe each family in detail.

r r r r r r

Main functionality System resources (e.g., memory, computing power, and networking bandwidth) Input and output facilities Potential applications Embedded components (e.g., digital cameras, modems, and keyboards) Operating systems and software support

To better understand these devices, this chapter also outlines mobile communication protocols, security issues and measures, and mobile device management. In summation, we provide a conclusion and future trends. It should be noted that this chapter intends to present an overall picture of mobile devices and protocols as well as mobile device management. Many technologies and protocols cited in this chapter can be easily found elsewhere in this encyclopedia.

Mobile Handsets Web-Enabled Phone For many years, the primary function of cellular phones was voice communication. However, starting in the year 2000, cellular phones have begun to incorporate basic data services, such as messaging and Web access. A Webenabled phone is a cellular phone with features including Web access, messaging, e-mail, entertainment, address book, and customized applications. To access the Web or the Internet, a wireless application protocol (WAP) microbrowser is installed on each Web phone. The microbrowser allows users to access simplified versions of Web sites and to retrieve information such as stock quotes, weather forecasts, or news briefs. Messaging allows Webenabled phones to send and receive short messages, which could include text, audio, and video. Most Web-enabled phones let users send and receive a short e-mail by running Microsoft Outlook or Web-based e-mail programs. The majority of Web-enabled phones also allow users to play games, listen to music, and take pictures. Most Webenabled phones employ various digital transmision technologies, such as time division multiple access (TDMA) and code division multiple access (CDMA). Web-enabled phones form a broad category, including Smartphones, WAP, i-Mode, Internet, Java, and GPS phones. Although the functionalities and features of these 1

2

MOBILE DEVICES AND PROTOCOLS

Table 1 Mobile Devices Families

Webenabled phone

Mobile handsets

Personal digital assistant

Voice communication Web access Messaging E-mail Entertainment Personal Information Management Word processing Web access Touch screen interface Handwriting recognition

Pager

One- and two-way paging Address book E-mail Messaging

Portable storage device

Large storage capacity Digital audio player Digital photo display Address book

Laptop PC

Most powerful mobile device High-speed networking connection Office applications Standard keyboard

Tablet PC

Office applications Web access Digital ink input Handwriting recognition

Mobile PCs

mobile phones vary, essentially they share the same characteristics: small screen size, simple input and output facility, limited computing power, and low network bandwidth. A Web-enabled phone typically provides a small screen with between 6 and 12 lines of text, a standard 12button keypad, and a few special keys (such as joysticks) for data entry. The typical phone battery life is from 3 days to a week depending on how often it is used. Traditionally, Web-enabled phones create the wireless networking connection through a built-in wireless modem. Once connected, the user can perform voice calls or data communications or both at the same time. The rapid growth of wireless local area networks (WLANs) in the recent past provides an opportunity for large-scale WLAN integration into public phone networks. With the newly produced WLAN enabled handsets, users have immediate and convenient access to a wide variety of cost-effective high-bandwidth WLAN applications and services. One example is Nokia’s 9500 Communicator. It provides extensive network access flexibility through WLAN, EDGE (enhanced data GSM environment), and Bluetooth. Spurred by the ever-growing demands of business professionals, Web-enabled phones are expected to have more features in data processing and communications. Recently developed Web-enabled phones incorporate PDA features and have a larger screen to allow execution of data based tasks. One such phone is Samsung’s SGHD415. It can be easily converted into a full-size phone by sliding up the cover, exposing a wide display and large

keypad. The 262,144-color display offers higher quality and richer images than conventional PDA displays. Users can receive and send multimedia messages of 100 kB each and store up to 1 MB of data. They may also download Java applets to broaden their mobile phone usage. When these phones also incorporated a global positioning system (GPS) receiver, the users can tell their exact location and send their position to a map on a friend’s cell phone. The phone can even suggest a route to a user’s friends.

Personal Digital Assistant A PDA is a handheld mobile computer that assists users with its information management capabilities. The main operating systems used on PDAs are Windows CE, Palm OS, and Linux. Data are entered through either a small keyboard or a touchscreen with handwriting recognition. The output is a medium-sized color screen. Originally, PDAs were designed for personal information management (PIM). These tasks include, for example, address books, calendars, schedulers, calculators, to-do lists, and notes. More advanced PDAs have a preinstalled microbrowser for Web viewing, a built-in camera for video capture, still imaging and multimedia messaging. Some of them run word processing applications, spreadsheets, e-mail programs, and electronic book reading programs. Certain PDA models can even play music and record voice memos. Most PDAs can exchange information with a desktop or laptop PC by using synchronization utilities, such as Microsoft ActiveSync. Just like Web-enabled

MOBILE DEVICE FAMILIES

phones, the wireless networking connection is made through a built-in wireless modem, WLAN, EDGE, or Bluetooth. PDAs are usually palm sized and typically have a touch screen and a stylus. The user must tap on an on-screen keyboard or enter data by writing on the screen with builtin character recognition support. Because PDAs are typically designed for handling basic PIM tasks, they generally have less memory (usually 2 MB), slower processors, and gray scale displays. Advanced PDAs usually have up to 256 MB RAM, processors at clock speeds of up to 1 GHz, and color displays. Therefore, they are able to handle other applications, including short message service (SMS), e-mail, and Web browsing. Although PDAs are basically data-centric mobile devices, the convergence of voice and data functionalities in one device has added new features to PDAs. Recently developed PDAs, such as the RIM’s BlackBerry 7780, the Nokia’s 9210 Communicator, and the Ericsson’s R380, are effectively PDA equipped phones. They integrate phone functionality, e-mail, SMS, Web browser, customized applications, and the Java development platform into a single wireless handheld. Larger screens and easier data input make them more appealing devices for browsing wireless data than Web-enabled phones. More intelligent PDAs, such as Garmin’s iQue 3200/3600, are designed for business users who want a device that can manage their personal information and deliver personal navigation in a single unit. They offer a fully integrated GPS that lets a user see an electronic map and get turn-by-turn directions.

Pagers A pager is a small wireless device that uses a paging network to send and receive text messages (Beaulieu, 2002). To page someone, a person dials the service number, enters the number of the person to be paged, and sends out a short message. Immediately after a short transmission delay, the paged person will receive the message. For this reason, pagers are considered alerting devices. Originally, pagers were designed for one-way paging: the pager beeps and displays a short text message, and the paged person can take action accordingly. But the two-way pager enables the paged pager to automatically respond upon receiving a message. More recent paging devices, such as Motorola’s Talkabout T900 2-Way, offer more features in addition to the basic paging services. These include the following: r r r r r r r r

Wireless e-mail Calendar, address book, and memo pad Short message service (SMS) Information services (e.g., weather) Custom applications (e.g., Java) Preprogrammed reply capability Confirmed message delivery Automatic signature capability

These paging devices are essentially an e-mail pager with built-in Web phone functions. This indicates the convergence between two-way paging devices and Web

3

phones. Pagers, however, have the unique features of lowcost and time sensitive messaging capability. A Web phone may act as a pager in terms of messaging and e-mail. The main difference is the network connection. Web-enabled phone users need to establish a dedicated network connection for messaging and sending e-mail, whereas in paging systems, the network connection is always there. Pager devices are specifically targeted at mobile professionals who depend on e-mail as a mission critical business tool.

Portable Storage Devices Portable storage devices are the devices that are portable, lightweight, and durable and that allow users to permanently store their information. These devices include DVDs, CDs, memory sticks, Zip disks, SuperDisks, USB flash drives, hard drive MP3 players, and iPods. As an example, iPod will be detailed as follows. iPod (http://www.apple.com/ipod/) features a combination of huge hard drive capacity and a digital audio player. The hard drives range from 20 GB to 80 GB, letting you easily slip up to 10,000 songs or 25,000 digital photos in your pocket and enjoy them wherever you go. With the click wheel, users can select playlists and scroll through a long list of albums or artists to choose their favorite song. The digital audio player is platform dependent. For Windows, it is called Musicmach Jukebox Plus, whereas for Mac, it is called iTunes. Popular iPod features include a calendar, address book, to-do list, alarm clock, games, and text reader. The iPod’s Notes Reader lets users take text-based information such as news downloaded off the Web, stock tips, restaurant reviews, directions, and shopping lists anywhere. The iPod has a LCD display for viewing 6 to 10 lines of text at a time. Its battery life could be as long as 15 h. The newest member of the iPod family, the iPod Photo, displays 25 full-color thumbnails at a time. You can scroll through them the same way you scroll through song titles. The iPod can be connected to a computer through either a FireWire (Mac or Windows) or USB (Windows only) port. Simply plug the iPod into the Mac or Windows computer to transfer music libraries and playlists. It is possible to load an entire CD onto an iPod in as little as 5 s. Users may also use the iPod to capture voice memos. The 40 GB iPod allows up to 28 days of continuous recording. The files automatically synchronize with the music library when it is connected to the computer.

Mobile PCs Laptop PC A laptop PC is a portable desktop PC. Like other mobile devices, laptop PCs can be carried and moved with ease. The main operating systems used on laptop PCs are Windows XP, Linux, and Mac OS X. A laptop PC typically has all the functions that a desktop PC has. These include the following: r

Office applications (e.g., word processing and spreadsheet processing) r Web access r E-mail r Information services (e.g., weather and quotes)

4

MOBILE DEVICES AND PROTOCOLS

r

Multimedia (e.g., digital video and audio) Custom application (e.g., Java) r Publishing r Games r

Laptop PCs are considered a special type of mobile device because of the following unique features: r

Powerful computing resource—most laptop PCs have the equivalent capabilities as desktop PCs. One configuration of a laptop would be as follows: Pentium Mobile Processor, Microsoft Windows XP Professional or Home Edition, video card with 64 MB or more of DDR video memory, 1 GB DDR SDRAM, and 40 GB internal hard drive. Thus laptop PCs can run the same operating systems and applications customized for desktop PCs. r High-speed networking connection—most laptop PCs support both wired network connection (Ethernet 10/ 100/1000) and wireless network connection (802.11x and Bluetooth). r Convenient input and output format—laptop PCs have screen sizes of up to 17 in. and the same keyboard as for desktop PCs. All laptop PCs also provide an embedded mouse as well as an external mouse. Despite all these attractive features, the size and weight of laptop PCs limit their mobility. Because they run comprehensive operating systems and have complex hardware, it may take a few minutes to boot up the system; instead of a few seconds for other mobile devices. Laptop PCs that were produced prior to 2000 do not support wireless communications. These laptop PCs have to rely on the wired network connection, which is not convenient if a user is traveling.

Tablet PC A tablet PC is a general purpose mobile computer with a large, integrated, interactive screen (Lee, Schnider, & Schell, 2004). Tablet PCs include many innovations, including handwriting recognition, longer battery life, a low-heat processor and an operating system that is a specialized version of Windows XP Professional. Users may write with a digital pen directly on the screen of the tablet PC, create handwritten documents, store, search, and review handwritten notes, and convert handwritten notes into text to use in other applications. A tablet PC typically has all the functions that a laptop PC has. However, a tablet PC is a perfect choice if you often need to be away from your desk or in an area where a laptop PC is not practical. Some tablet PCs, such as Acer’s TravelMate 100, are able to morph between laptop and tablet layouts. Tablet PCs are very similar to PDAs in terms of handwriting-enabled features. However, a tablet PC runs a more powerful and fully featured operating system. It also has a hard disk drive. Unfortunately, these features also mean that you cannot boot up a tablet PC nearly as rapidly as a PDA. Nevertheless, the tablet PC’s large touch screen, digital pen, QWERTY keyboard, and sophisticated handwriting recognition and drawing capability have raised hopes that it might become the mobile device of choice for enterprise workers. These workers not only have to be mobile but also have to read, write, and type a great deal.

MOBILE PROTOCOLS While there are two families of mobile devices, they generally employ the same communication protocols for messaging, e-mail, and Web access. Mobile protocols can be generally classified as peer-to-peer protocols and clientserver protocols based on the communications model. In the peer-to-peer communication model, two mobile users send and receive messages instantly or by a storeand-forward manner. In the client/server communication model, a mobile user typically requests services or retrieve information from a more powerful server, which is typically a stand-alone unit. Next we introduce protocols deployed in each communication model.

Peer-to-Peer Protocols Peer-to-peer protocols refer to protocols that enable one mobile user to send and receive messages to and from another mobile user. The operation can proceed instantly or in the store-and-forward manner. In the instant mode, the sender and receiver need to be well synchronized. The communication happens only if both peers are ready. Three well-known protocols are short message service (SMS), multimedia message service (MMS), and instant messaging (IM). In the store-and-forward mode, the sender starts the communication without synchronization with the receiver. Messages are temporarily stored on a server and retrieved later by the receiver. Whether or not the receiver is ready does not affect the operation of the sender. E-mail protocols work in the store-and-forward mode.

Short Message Service This is a globally accepted wireless service protocol that provides a connectionless transfer of short text messages to and from mobile devices. It was first introduced in 1991 in Europe as part of the GSM standard. In North America, SMS was made available initially on digital wireless networks based on GSM, CDMA, and TDMA standards. Figure 1 demonstrates the message delivery processes using the SMS protocol. Once a message is constructed at the source mobile device, it is sent over a wireless connection to the SMS center (SMSC) for that particular wireless carrier network. The SMSC then gets the message to the destination mobile device through the wireless carrier. To do this, the SMSC sends a SMS request to the home location register (HLR) to find the destination mobile device. Once the HLR receives the request, it responds to the SMSC with the destination mobile’s status, which includes (1) inactive or active and (2) where the mobile is

HLR

Source mobile device

SMSC

Destination mobile device

Figure 1: SMS architecture.

MOBILE PROTOCOLS

roaming. If the response is inactive, then the SMSC will act as a store-and-forward system and hold the message for a period of time. When the destination mobile device becomes active, the HLR sends a SMS notification to the SMSC, and the SMSC will attempt delivery. The SMSC transfers the message in a short message delivery point-topoint format to the serving system. The system pages the destination mobile, and if it responds, the message gets delivered. The SMSC receives verification that the message was received by the end user and then categorizes the message as sent and will not attempt to send again. A distinguishing characteristic of SMS is that an active mobile handset is able to receive or submit a short message anytime and anywhere, independent of whether a voice or data call is in progress. SMS also guarantees delivery of the short message by the network. Temporary failures because of unavailable receiving mobiles are identified, and the short message is stored in the SMSC until the destination mobile becomes available. Initial applications of SMS focused on eliminating alphanumeric pagers by permitting two-way general purpose messaging and notification services, primarily for voice mail. As technology and networks evolved, a variety of services have been introduced, including e-mail, fax, and paging integration, interactive banking, information services, and integration with Internet-based applications. With the advent of more mobile applications, some significant limitations of SMS have become apparent. The most serious of these is that messages must be no longer than 160 alphanumeric characters and contain no images or graphics. Another one is the lack of interoperability between network operators (Mallick, 2003). For these reasons, enhanced message service (EMS) was introduced to enable mobile devices to send and receive messages that have special text formatting (such as bold or italic), animations, pictures, icons, sound effects, and special ring tones. To help overcome the message size limitation, EMS allows for message concatenation. Because EMS is based on SMS, it can use SMSC the same way that SMS does. EMS messages that are sent to devices that do not support it will be displayed as SMS transmissions. The standard is considered an intermediate technology between SMS and multimedia message service (MMS), with more capabilities than SMS but fewer than MMS.

Multimedia Message Service Multimedia message service (MMS) is a new standard in mobile messaging. Like SMS, MMS is a way to send a message from one mobile to another. The difference is that MMS can include not just text, but also images (JPEG, GIF format), audio (MP3, MIDI), and video (MPEG), or any combinations of the above. In addition, MMS also allows users to send MMS messages from a mobile phone to an e-mail address. This feature dramatically increases the scope of mobile communications. In addition, users can create, edit, preview, and send MMS multimedia messages, either via mobile handsets or via the Web. Each multimedia message contains a number of pages; each page may include content in different files associated with different media types. These files are incorporated into the slide show using the synchronized multimedia integration language (SMIL) (Bulterman & Rutledge, 2004). SMIL is

5

an XML-based language specified by the World Wide Web Consortium (W3C) that is used to control the presentation of multimedia elements. Within the SMIL specification is a set of tags that can be used for defining the layout of each page and the time that each page is displayed. MMS is an important emerging service that allows sending multiple media in a single message and sending a message to multiple recipients. The originator can easily create a multimedia message, using either a builtin or accessory camera, or can use images and sounds stored previously in the mobile. The message is first sent to the MMS Center (MMSC)—a similar concept to SMSC for SMS messages. Once the receiving mobile is located and is ready to receive messages, the MMSC immediately forwards the message to the receiving mobile and deletes the message from its memory. On a compatible mobile, the MMS message will appear with a new message alert. The picture message will open on the screen; the text will appear below the image and the sound will begin to play automatically. If the message is sent to a non-compatible MMS mobile the user will receive a SMS message. The user may then be given a Web site address to view the message. One of the main practical differences between MMS and SMS is that although SMS messages are limited to 160 bytes, an MMS message has no size limit and could be hundreds of kilobytes in size. MMS requires a 3G network to enable such large messages to be delivered, although smaller messages can be sent even with 2G networks using general packet radio services (GPRS).

Instant Messaging Instant messaging is a type of real-time communications service that enables you to create a kind of private chat room with another individual over the Internet. IM allows you to maintain a list of people that you wish to contact, often called a contact list. You can send messages to any of the people on the contact list as long as that person is online. Typically, the IM system alerts you whenever somebody on your contact list is online. You can then initiate a chat session with that particular individual by opening up a small window where you and your contact can type in messages that both of you can see. Indeed, IM provides similar capabilities to other two-way messaging technologies, such as SMS, paging, and e-mail, with an addition of one significant feature: presence (Mallick, 2003). Presence lets you know the current status of the people with whom you are communicating. Most of the popular IM programs provide a variety of features allowing your contacts to share your favorite Web links, music, images, and files stored on your device. ICQ is an example of IM program. The ICQ client that resides on your computer connects to an ICQ server and through the server communicates to your contacts, provided they are also ICQ members. AOL Instant Messenger (AIM), another IM program, supersedes ICQ by allowing AOL members to communicate with nonmembers. Although AIM and ICQ are the leaders in the IM race, there are several other worthy entrants. Microsoft’s MSN Messenger, like other IM programs, allows users to talk with other MSN Messenger users just like they would talk over the telephone. Another IM utility is Yahoo

6

MOBILE DEVICES AND PROTOCOLS

Messenger. The interesting thing about Yahoo Messenger is how well it integrates with other Yahoo content and services. There are several utilities, such as Odigo and Omni, that combine various services. Odigo allows users to combine AIM, ICQ, and Yahoo Messenger contact lists. Omni lets users combine the functionality of AIM, ICQ, MSN Messenger and Yahoo Messenger, plus file-sharing utilities, all in one program.

E-mail Protocols Three widely used e-mail protocols for mobile users are simple mail transfer protocol (SMTP), post office protocol version 3 (POP3), and Internet message access protocol (IMAP). SMTP is a protocol for sending e-mail messages from the e-mail client to e-mail server. When a mobile user wants to send an e-mail, his client application first establishes a TCP connection to port 25 of his e-mail server. The e-mail server will then look at the address to which this message is being sent and set up another TCP connection to the e-mail server at the destination address domain. When the destination e-mail server receives the message, it puts the message into the recipient’s mailbox if such a recipient exists. Otherwise, an error report is returned to the message originator. Either case, the TCP connection will be released after the transmission is finished. POP3 is a protocol used by e-mail client to retrieve the e-mail messages from the destination mail server. When mobile users check their e-mail, the client application establishes a TCP connection to port 110 of their e-mail server. Once the connection is set up, the POP3 protocol authorizes the user by checking the user’s name and password. Once authorized, the user is allowed to access his stored messages and download the messages onto his local machine. Once the messages are delivered to the client they are deleted from the e-mail server. IMAP is a protocol that allows e-mail clients online to process their e-mail. In this design, e-mail is still delivered to an e-mail server and the remote client reads the messages from the server using IMAP e-mail software. The messages are not all downloaded to the client machine. The client can ask for specific messages or search the server for messages meeting certain criteria. The user also has the option to save the messages locally. The mobile user receives the biggest advantage of the IMAP protocol because he or she simply need a machine that is connected to the Internet to read his or her messages.

Client/Server Protocols Client/server protocols refer to protocols that enable a mobile client to access a Web server or receive information from a Web server at anytime and anywhere. In this section, we outline hypertext transfer protocol (HTTP), handheld device markup language (HDML) notifications, wireless application protocol (WAP), WAP push protocol, and Web services.

HTTP HTTP is a transfer protocol employed by mobile clients to access Web servers. It specifies what information mobile clients may send to servers and what responses they receive from servers. The original language to specify

the information is hypertext markup language (HTML). HTML is a set of markup symbols or tags inserted in a file to tell a browser how to present output on a screen. HTML 4.1 is the latest version preceding the introduction of the extensible markup language (XML). Both HTML and XML contain markup symbols to describe the contents of a page or file. XML, however, describes content without style. More specifically, XML describes the content in terms of what data are being described. One of the most powerful features of XML is that it allows a user to construct other languages, including new markup symbols and attributes. However, both HTML and XML were designed for stand-alone Web servers and desktop PCs with a default window width of about 80 characters. This makes it unsuitable for handheld mobile devices. Three widely used markup languages for mobile devices are HDML, wireless markup language (WML), and compatible HTML (cHTML) (Lu, 2002). A microbrowser on a mobile client typically connects to a Web server by establishing a TCP connection to port 80 on the server. After the connection is established, the mobile client sends request methods to the server. After the server receives the request, it retrieves the specified content and responds to the mobile client by sending the requested information in HDML, WML, or cHTML format. The microbrowser on a mobile client then interprets the information and displays it on the mobile device. With the current HTTP 1.1, it is possible to have multiple requests and responses take place under one TCP connection. The connection will be released on demand or after a given amount of time.

HDML Notifications HDML notifications are the first form of push messaging available to mobile users (Mallick, 2003). They allow the server to send information to clients in a timely fashion— a process similar to SMS text messaging. But they differ from SMS in that they interact with the mobile device’s microbrowser through the HDML gateway. One way to interact is to send an alert message, which typically contains a uniform resource locator (URL), to the device’s microbrowser that will beep or display a visual signal to notify the user that new information is available. Another interaction method is to send notifications to mobile devices instructing them to remove certain URLs from the microbrowser’s cache or preload contents into the microbrowser’s cache. These kinds of operations are transparent to the users. HDML notifications provide a powerful way to push contents to mobile users. However, because HDML notifications are a proprietary messaging technology developed by Openwave, they are only supported in Openwave microbrowsers.

WAP and WAP Push WAP is a communication protocol between server applications and mobile clients (WAP 2.0, 2002). When a mobile client with a WAP browser accesses a Web server, it generates an encoded request in WML format and sends the request to a WAP gateway. The WAP gateway then forwards the request to the Web server. The Web server parses the request and responds to the WAP gateway with either

MOBILE PROTOCOLS

definition, a Web service application is built from three major components:

Encoded request

Request

Encoded response

WML content or HTML content

Mobile client

WAP gateway

Web server

Figure 2: WAP communication model. WML or HTML content (depending on whether the Web server provides WML content.) If the server does not provide WML content, the Web server responds to the WAP gateway with HTML content. The WAP gateway needs to encode the HTTP response and return it to the WAP browser on the mobile client in WML format. Figure 2 illustrates this process, where mobile client could either retrieve a static document from the Web server or request the Web server to launch an application and return the results. In either case, the content is sent back to the mobile client for viewing or further processing. More information about WAP can be found in Chapter 68 (which is dedicated to WAP). In the WAP communication model described above, a mobile client requests a service or information from a Web server, which then responds by transmitting information to the mobile client. This is known as pull technology. In contrast to this, there is a push technology, in which there is no explicit request from the client before the server transmits its content. WAP Push, first introduced in the WAP 1.2 specification, is the successor to HDML notifications. It is the delivery of content to the mobile device without previous user interaction (Openwave, 2002). Figure 3 depicts the WAP push structure. The push initiator (PI) is an application that pushes content and delivery instructions to the push proxy gateway (PPG) using the push access protocol (PAP). The PPG uses the push over-the-air (OTA) protocol to actually push the content to the WAP client over a wireless network. The PPG may also store the content temporarily if it cannot deliver the content immediately. It also maintains the status of each message, allowing the PI to cancel, replace, and request the current status of a message. The WAP client is a mobile device equipped with a WAP microbrowser to view the pushed content.

Web Service “A Web service is a software system identified by a URI, whose public interfaces and bindings are defined and described using XML. Its definition can be discovered by other software systems. These systems may then interact with the Web service in a manner prescribed by its definition, using XML based messages conveyed by Internet protocols (W3C Web service, 2004).” Based on this Push Access Protocol

Push Initiator

Push Over-the-Air Protocol

Push Proxy Gateway

Figure 3: WAP push structure.

7

Mobile Device

1. A Web service registry, which stores information about Web service providers and Web services. 2. A Web service client, which makes use of a service offered on the Web. Web service clients can discover available Web services and get detail information by searching the registry. 3. A Web service, which offers a service and is accessible via a standard messaging and transport protocol. Web services publish information about themselves in a Web service registry. Accordingly, the following three technologies are the forefront for implementing a Web service: 1. Universal discovery, description and integration (UDDI) is a standard for Web service registries (UDDI Version 3.0.1, 2003). UDDI defines of a set of services supporting the description and discovery of Web service providers, the available Web services, and the technical interfaces that may be used to access those services. Based on a common set of industry standards, including SOAP and XML, UDDI provides an interoperable, foundational infrastructure for a Web services-based software environment. 2. Simple object access protocol (SOAP) is a protocol for a program on client to call a Web service on server by sending XML data over HTTP (SOAP Version 1.2, 2003). It also specifies how the called program can return a response. Unlike other similar technologies (CORBA, Java RMI, and DCOM), SOAP is an open standards protocol; this provides interoperability among machines running different operating systems. 3. Web services description language (WSDL) is an XMLbased specification that provides a standard format for describing Web services (WSDL Version 2.0, 2004). It contains the information about how to invoke the service and what, if any, response to expect. WSDL enables one to separate the description of the abstract functionality offered by a service from concrete details of a service description such as how and where that functionality is offered. To deploy the Web services technology for mobile devices, mobile Web services were designed to enable mobile users to take advantage of wireless applications, such as mobile messaging and location-based services, and delivering integrated services across wired and wireless networks. Microsoft and Vodafone achieve this by using an XML-based Web services architecture, allowing developers to build new, innovative services across both fixed and wireless networks. IBM provides the Web services tool kit for mobile devices (WSTKMD) and the run-time environments that allow development of applications that use Web services on small mobile devices, gateway devices, and intelligent controllers. The Mobile SOAP server uses the WSTKMD run-time environment in conjunction with a mobile gateway server to receive SOAP requests from any SOAP client and to return a response. Other mobile

8

MOBILE DEVICES AND PROTOCOLS

Web service initiatives include Sun’s Javafirst project, Symbian’s Action Engine mobile Web services platform, QUALCOMM’s Binary Runtime Environment for Wireless (BREW), and GSM Association’s M-Services.

MOBILE DEVICES SECURITY AND MEASURES We start this section by first introducing the common security issues in computer networks. Then we clarify how these issues apply specifically to mobile devices and protocols. Network security issues can be divided into six closely interrelated areas: 1. Authentication: This deals with determining the identity of the communication partner. 2. Authorization: This determines whether an authenticated user has the permission to access the system resource or to receive services. 3. Confidentiality: This keeps the data encrypted so that the data are out of the hands of the third party. 4. Integrity: This ensures that the data has not been altered or corrupted in any way during the transmission or storage. 5. Availability: This prevents malicious users from blocking legitimate access to network resources or services. 6. Nonrepudiation: This guarantees that no communicating party can deny the fact that it once sent a message and deny the contents included in the message. Many security issues in mobile networks are essentially the same as those described above. However, security protocols developed for desktop PCs do not work well on mobile devices. The mobility and wireless natures of mobile networks make the security more challenging. Indeed, special design attention is needed to provide an acceptable security level for mobile devices. In this section, we first introduce security attacks on mobile devices; then we examine mobile security measures at three levels: (1) the mobile-user level, (2) the mobile data and applications level, and (3) the network communications level.

r

r

r

r

user. If the attacker succeeds, he or she can then create fake responses to the mobile system in an attempt to acquire further knowledge and access to the associated wireless network. It is possible to prevent spoofing by a strong combination of user authentication and authorization. Eavesdropping: This is a technique to monitor data flow on a mobile network. By listening to network data, unauthorized parties can obtain sensitive information that allows them to further damage mobile users. It is possible to prevent eavesdropping by deploying a strong confidentiality mechanism. Malicious code: This is a technique to install a small piece of code on mobile devices to perform damaging activities by stealing private information, modifying data, deleting data, and blacking screens. These codes could be in the format of spyware or viruses and can be triggered by certain events, such as network transmissions or event time. Even worse, they can easily be spread to other mobile devices or networks by a simple call. It is possible to combat this attack by embedding a strong authorization algorithm and to install on-device builtin security checks to ensure that only authorized code is allowed to execute. Denial of service: This is a technique to block legitimate access to the mobile devices. A wireless network is even more vulnerable to DOS attacks, because the attacker is not tied to a wired connection. In the case of mobile phones an attack can be mounted from anywhere in the world. Even worse, an authorized device could also become infected and consequently be used to mount a DOS attack. It is possible to reduce DOS attacks by limiting the devices authorized to connect to a mobile thus ensuring the availability. Man-in-the-middle (Zhang & Chen, 2004): In this technique an attacker intercepts the messages transmitted between the communicating parties. The intercepted messages can then be modified, delayed, relayed to another party, and replayed to the legitimate communicating party. Under this attack, an attacker could pretend to be an authorized user, to access a network or information, even when the captured information was strongly encrypted. It is possible to alleviate this attack by implementing a strong integrity system. Theft: Modern mobile devices are increasingly lightweight in design. Because of this, mobile devices tend to be easily lost or stolen and thus the data stored on devices and the network resources accessible through the devices are exposed to serious attack.

Security Attacks on Mobile Devices

r

Security attacks on mobile devices can be in either passive mode or active mode. A passive attack does not attempt to damage the target mobile system. It performs the attack mainly by spoofing, eavesdropping, and installing malicious code. Information collected can be used to analyze the target mobile system and thus steal the confidential information. An active attack tries to damage the target mobile system completely and instantly. The main approaches for active attacks include, for example, denial of service (DOS), man-in-the-middle, and theft. Because of their natures, passive attacks are more difficult to detect and active attacks are more detrimental. Following are the typical attacks on mobile devices:

Except the theft attack, whose prevention depends primarily on device owners, other attacks occur at different communications levels, which are detailed next.

r

Spoofing: This is an attempt to obtain unauthorized access to a mobile system by pretending to be a legitimate

User-Mobile Level Security Measures The main security issue at this level is user authentication (i.e., verifying that a person attempting to access a mobile device is a legitimate user). Security measures at this level help mitigate the attacks of spoofing, man-in-the-middle, and theft.

MOBILE DEVICES SECURITY AND MEASURES

There are several mechanisms to perform authentication. The most common one is a strong username/ password combination. Many mobile devices have builtin username/password functionality. This requires the user to authenticate before they are granted access to the device. When a user attempts to access the device with an incorrect username/password combination, the system imposes a time delay before allowing access again—a delay that increases exponentially with each attempt. A failure after a limited number of tries indicates an unauthorized usage. More rigorous authentication methods include (Dedo, 2004) r r r r r r

Signature authentication Picture-based passwords Fingerprint authentication Smart card security Secure ID card authentication Certificate authentication on a storage card

By doing one or more of the aforementioned authentication processes, a user is required to authenticate every time he or she accesses the device and the associated network. Although this might be considered a usability drawback, it is an essential measure to combat attacks such as spoofing, man-in-the-middle, and theft.

Mobile Data and Applications Level Security Measures The main security issue at this level is user authorization (i.e., verifying the person has the appropriate authority to access the data and run the applications stored on the device and the associated network). Security measures at this level help mitigate spoofing and theft attacks. Mobile users often store important documents on the mobile device itself—either in the memory or a storage card that can store hundreds of megabytes to tens of gigabytes. To protect these documents as well as other sensitive data such as username/password and personal information, effective encryption algorithms are designed and implemented on the device itself and on external storage cards. There are a number of ways to encrypt the stored data to protect it from unauthorized access. For pocket PCs, Microsoft offers a mechanism for storing encrypted data in a relational database, protected with both 128-bit encryption and a password. Recently, as more computing power and local storage become available on mobile devices, many more applications can be implemented on mobile devices. Such applications are also called smart client applications. In this case, the application may have a login page that authenticates against a local database. A user must log in to use a particular application regardless of whether the mobile device is connected to a network.

Network Communications Level Security Measures The main security issues at this level are confidentiality, integrity, and nonrepudiation. Security measures at this

9

level help mitigate the attacks of eavesdropping, DOS, and man-in-the-middle. To protect data transmitted over the Internet and wireless networks, there are three steps needed before a user can transmit data (Brown, 1995; Zhang & Chen, 2004): r

Security provisioning: This is to generate and distribute credentials to both users and the network. r Local registration: With the provisioned security information, a user can perform registration with the network to gain permission to use the network. r Authentication and key agreement (AKA): The AKA provides a methodology to authenticate a user and to generate two keys, an encryption key and an integrity check key. In addition, there is also a secret key shared by the user and the network that is available only to the authentication center. Thus, the mobile and network mutual authentication allows mobile users and networks to authenticate each other (3GPP, 2002). A broad range of security algorithms have been developed and deployed in the above three steps. The main measures are data encryption, digital certificates, Internet protocol security (IPSec), transport layer security (TLS), and WAP security. Encryption algorithms (more details can be found in Chapters 108–117 of Volume II) encode information in such a manner that only the persons or applications with the correct key can decode it. Digital certificates (more details can be found in Chapter 56) provide a way to guarantee that a public key belongs to the party it represents (Mallick, 2003). For this to be successful, the certificate itself also has to be verified to ensure that it represents the claimed party. This is accomplished using a trusted third party called a certificate authority. IPSec (more details can be found in Chapters 64 and 65) is a set of protocols in the network layer to provide cryptographic security services that will flexibly support combinations of authentication, authorization, confidentiality, and integrity. TLS (more details can be found in Chapter 66) is a protocol in the transport layer to ensure confidentiality between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop any message. WAP (more details can be found in Chapter 69) is a standardized protocol that allows a mobile device to retrieve information from a server. There are several components used by the WAP specifications to provide security. A WAP identity module (WIM) stores certificates and is used by the wireless transport layer security (WTLS) to provide a TLS-like secure connection between the mobile device and a WAP gateway. There are also functions defined that allow data to be signed. Earlier versions of the WAP specifications defined a WAP gateway that mapped the WAP protocols onto Internet protocols to allow WAP devices to connect to servers on an IP network. This allowed the transmission to become vulnerable at the WAP gateway. WAP 2.0 addresses the lack of end-to-end security by introducing support and services for Internet protocols into the WAP environment. Internet protocols can, therefore, be used directly between the client and wireless network

10

MOBILE DEVICES AND PROTOCOLS

and this eliminates the need for protocol translation at the WAP gateway. This provides secure end-to-end communications.

MOBILE DEVICE MOBILITY MANAGEMENT Mobility is the ability for mobile devices to remain connected to the network continuously when they move. Mobility management consists of three components: (1) handoff management, (2) location management, and (3) roaming management. Handoff is a process in which a mobile device changes its network attachment point within the same administration domain. Location management is a process in which an association between the mobile device and its home network as the mobile device moves from one network to another. Roaming is a process where a mobile device changes its network attachment point between different administration domains.

Handoff Management In an attempt to increase the system capacity, modern mobile networks are organized as a set of radio cells. Users tend to move in and out of cells frequently without notice. The system therefore needs to maintain the continuity of an ongoing connection whenever a user crosses the cell boundary. A typical example is that a mobile device moves from one cell to another and thus its radio channels will be changed from one base station to another base station. Because of the dynamic nature of the mobile networks, a changing of one radio channel to another within the same base station is also considered handoff. It should be noticed that handoff management is one of fundamental features of mobile networks. Essentially, all connections are established after a successful admission process. That means once the system admits a connection request, it is totally the network’s responsibility to maintain the connection until the user tears it down. In an effort to reduce the handoff overhead, a cluster of neighboring cells can be grouped together and controlled by a mobile switching center (MSC). The MSC has much more computing power and functionalities than base stations. When a mobile device moves among cells within the same cluster, the handoff is mainly handled by the serving MSC. This is called intraswitch handoff. When a mobile device moves crossing the cluster boundary, the handoff must be handled at least by the two MSCs involved. This is called interswitch handoff. Because of the state information exchange between two MSCs, interswitch handoff takes longer than intraswitch handoff. There are three methods for initiating handoffs. They are (1) mobile controlled handoff (MCHO), (2) network controlled handoff (NCHO), and (3) mobile assisted handoff (MAHO). In MCHO, the mobile device continuously monitors the quality of signals received from nearby base stations. When the signal level from a new base station exceeds that from the current base station, the mobile device realizes that it is leaving the current cell and entering a new cell. Thus the mobile device initiates the handoff and requests a new radio channel from the new base station. Because the mobile device controls the entire handoff

process, a fast handoff is expected. However, this increases the complexity of the mobile devices. In NCHO, the base stations continuously monitor the signal quality from individual mobile devices and report the measurements to the MSC. The MSC, which has a whole picture of the entire system, chooses the new base station and starts the handoff process. The mobile device operates in passive mode and thus a simple design is needed. However, this increases the burden of the network. A more desirable method is MAHO, in which the mobile device continuously measures the signal quality from nearby base stations and feeds this information back to the MSC via the current base station. The current base station also provides the distance information to the MSC. The MSC then makes a decision for handoff. MAHO achieves the balance between mobile device complexity and network burden; therefore it is widely used in today’s mobile networks. The handoff process can be in one of the four modes: hard, soft, backward, or forward handoff (Mark & Zhuang, 2004). During a hard handoff, a mobile device can receive user data from only one base station at any time. Thus, the old connection is terminated before a new connection is established. This mode of operation is called break-before-make. In the soft handoff, a mobile device receives copies of the same user data from two or more base stations simultaneously. The mobile is supposed to have the capability to recognize that the multiple copies actually represent the same data. Then the mobile uses signal processing techniques to determine the most likely correct value of the data from its multiple copies. Thus, soft handoff provides better reliability. This mode of operation is called make-before-break. In backward handoff, the handoff is predicted ahead of time and initiated through the existing radio link. A sudden loss or rapid deterioration of the old link imposes a major problem in backward handoff. In forward handoff, the handoff is initiated via the new radio link associated with the new base station. Because of a late availability of the new radio link, forward handoff may cause a long delay. The general requirements when designing a handoff algorithm are low handoff delay and cell loss, scalable with network size, and reliability of recovering from link failures. Handoff management is handled differently in mobile IP and cellular IP networks. In mobile IP, a mobile terminal needs to change its IP address when it moves into a new IP subnet and registers the new IP address with its home agent. This could lead to long handoff delay when the mobile is far away from its home agent. Cellular IP is designed to support fast handoff in a wireless network of limited size, for example, a network within the same administrative domain. Cellular IP reduces handoff latency by eliminating the need for a mobile to change its IP address while moving inside a Cellular IP network, hence reducing the delays caused by acquiring and registering new IP addresses.

Location Management The term location in the context of mobile networks means which network the mobile is visiting, more specifically, which network attachment the mobile is using.

MOBILE DEVICE MOBILITY MANAGEMENT

Location management typically includes the following three steps: r

Location discovery—a process to determine the mobile’s current location r Location update—a process to notify the mobile’s home network of its current location r Packet delivery—a process to deliver packets to the destination mobile

Location Discovery To provide a wide geographical coverage and to support more users, a wireless mobile network is normally configured as an interconnection of many regional subnetworks. Each subnetwork may consist of multiple cells. These subnetworks are interconnected via intelligent routers such as MSCs or a backbone network such as the Internet or a satellite network. For message delivery purposes, a mobile device is identified with a home network where the mobile subscribes. Messages sent from other mobiles or fixed terminals are always delivered to its home network first. The association between the mobile and its home network is made through a registration process. The location register that belongs to the mobile’s home network is called the home location register (HLR). When the mobile moves into a new subnetwork, it has to register its current location with a visitor location register (VLR) in the visiting network. The registration request sent by the mobile device should include its mobile identification number (MIN) among others. The base station in each subnetwork periodically broadcast beacon signals. A mobile listens to the pilot signals from the base stations in the subnetwork and uses these to identify its current subnetwork. Location discovery can be initiated by either the mobile’s home network or the mobile itself. In the former case, the home network does not maintain mobiles’ precise locations at all times. It only needs to locate the mobile when there are messages destined to the mobile. Typically, the home network sends a message to the VLR through its association with the HLR. The VLR then locates the called mobile by broadcasting a polling message that contains the MIN of the called mobile. Upon receiving the polling message, the called mobile responds to the VLR through its current serving base station. The called MSC then knows where to forward the call. A communication channel between the message originator and the mobile can be established thereafter. If the location discovery is initiated by the mobile itself, the home network must know the current location of the mobile at all times. Therefore, the mobile must inform its home network whenever it enters a new subnetwork.

11

save scarce network and mobile resources. They can be classified into the following categories: r

Traffic-on-demand update: the home network does not maintain mobiles’ precise locations at all times. The network only requests the mobile to update its location when it needs to deliver user traffic to it. r Location-area-based update: A network can group a set of network attachments points into one location area. When the mobile and network have no traffic to send to each other, the network only needs to keep track of which location area a mobile is likely to be in. r Movement-based update (Dutta et al., 2001; Noy, Kessler, & Sisi, 1995): A mobile performs a location update whenever it traverses a predetermined number of location areas. r Distance-based update (Noy, Kessler, & Sisi, 1995; Wong & Leung, 2000): A mobile performs a location update whenever it has traversed a predetermined distance since its last update. Here the distance could be measured in many ways, such as physical distance or cell distance. Each location update strategy has unique advantages and limitations. A potential drawback of the traffic-ondemand strategy is an unacceptable long end-to-end message delay. For location-area-based, movement-based, and distance-based strategies, location discovery is required to locate the precise location of a mobile when the network needs to deliver user traffic to it. Therefore, a proper trade-off is needed to achieve reduced overhead, high performance, and low complexity.

Packet Delivery Packet delivery to mobiles is the process whereby a packet originator and the network use location information to deliver packets to a mobile. Packet delivery strategies can be classified into two basic categories:

Location Update

1. Direct delivery: a packet originator first obtains the destination mobile’s current location and then sends the packets directly to the current location of the destination mobile. In this case, the packet originator needs to maintain the mobile’s location by itself or obtain location information from a location server. 2. Relayed delivery: a packet will be first sent to a mobility anchor point, which then relays the packet toward its final destination. In this case, the packet originator does not need to know the precise location of the destination mobile. What the originator needs to know is the address of the mobility anchor point, which typically is fixed.

A location update strategy determines when a mobile should perform location updates and what locationrelated information the mobile should send to its home network. One strategy is to update the mobile’s precise location whenever it leaves its home network. This strategy makes the location discovery unnecessary. However, this strategy is not desirable if mobiles change their network attachment points frequently and there are no traffic destined to them. A number of strategies are designed to

Direct delivery could reduce the packet end-to-end delay by using the most direct path to the destination. However, the originator needs to have the ability to find the proper location server for the destination mobile. Relay delivery has fewer requirements on the packet originator. However, the packet end-to-end may be longer in relay delivery than that in direct delivery, because the mobility anchor point could become the performance bottleneck.

12

MOBILE DEVICES AND PROTOCOLS

Roaming Management Roaming is a process whereby a mobile user moves into a visited domain. Before proceeding to the discussion of roaming, we first define home domains and visited domains for a mobile user. A user’s home domain is the domain where the mobile maintains a service subscription account, which contains information regarding the subscriber’s identity, billing address, service plan, and security information needed to authenticate the user. Among other information, the service plan includes which networks the user is allowed to use (i.e., which networks the user can roam into and communicate with). When a mobile moves into a domain with which it does not have an account, this domain is called the mobile’s visited domain. Roaming is similar to handoff in the sense that a mobile changes its network attachment point in both cases. However, supporting roaming requires more network capabilities, such as roaming agreement between the mobile’s home domain and the visited domains. A roaming agreement contains enough information for a visited domain to authenticate, authorize, and bill the roaming user. When a user enters a visited domain, the visited domain needs to determine if this user is allowed to use its networks. To make this decision, the visited domain needs to know who this user is, who the user’s home domain is, and if there is an agreement between them.

CONCLUSIONS AND FUTURE TRENDS We have introduced the basic concepts and general features of mobile devices. Particularly, we presented the specific features of Web-enabled phones, personal digital assistants, pagers, portable storage devices, laptop PCs, and tablet PCs. To better understand these mobile devices, we also outlined the protocols widely deployed by mobile devices and several mobile security issues and measures. It should be noted that this chapter provided only a framework of the mobile protocols and security. Readers are suggested to refer other chapters in volumes I and II that contain the details of individual topics, such as WAP, SMTP, HTTP, Mobile IP, 802.11x, Bluetooth, and the foundations of network security. Finally, this chapter reviewed mobile device management, which includes handoff management, location management, and roaming management. We make two predictions for the next generation mobile devices. The first prediction regards the mobile domain itself. Specifically, various mobile devices within each family will converge to one unit. For example, we expect that a single mobile device will combine all the functions of Web-enabled phones, PDAs, pagers, and iPods. The second prediction pertains to both mobile and wireless domains. New mobile devices must be able to access any public wireless local area network services and connect to the wireless Internet through any available Internet connection services. However, there are a number of barriers preventing this. First, for the new mobile devices to run intensive computing applications, new technologies for processors, hard disks, and memories must be available. Second, for them to be truly

portable, the size and weight must be significantly reduced. Third, new technologies to increase the network bandwidth for mobile devices must be developed. And finally, the battery lifetime must allow days of continuous usage.

GLOSSARY Code Division Multiple Access A spread spectrum approach for the digital transmission of data/voice over radio frequencies. Enhanced Data GSM Environment A faster version of the GSM wireless service. Enhanced Message Service Enables mobile devices to exchange messages with formatted text, animations, pictures, icons, sound effects, and special ring tones. Global System for Mobile Communications A digital cellular phone technology based on TDMA. Home location register A database containing subscriber information files about the subscriber and the current location of a subscriber’s mobile station. Hypertext transfer protocol It is the protocol used for Web access in the current Internet. Currently, it has two popular versions, HTTP 1.0 and HTTP 1.1. Handheld Devices Markup Language Specifications that allow Internet access from wireless devices such as handheld personal computers and smart phones. Internet Message Access Protocol A protocol for email clients to retrieve e-mail messages from a mail server while the mailboxes are on. Internet Protocol Security A security protocol from the Internet Engineering Task Force (IETF) that provides authentication and encryption over the Internet. Multimedia Message Service A messaging service for the mobile environment very similar to SMS or text messaging. Synchronized Media Integration Language A markup language designed to present multiple media files together. Simple Mail Transfer Protocol A protocol used to send e-mail on the Internet. Simple Object Access Protocol A lightweight protocol for exchange of information in a decentralized, distributed environment. Time Division Multiple Access A digital wireless telephony transmission technique Universal Discovery Description and Integration An XML- and SOAP-based lookup service for Web service consumers to locate Web services and programmable resources available on a network. Uniform Resource Identifier The most common form of URI is the Web page address. Visitor Location Register A local database function that maintains temporary records associated with individual subscribers. Voice eXtensible Markup Language A proposed specification for accessing voice recognition software via the Internet. Wireless Identity Module It identifies and authenticates a wireless device on a wireless network. Wireless Markup Language It allows the display of Web pages on mobile phones and PDAs.

REFERENCES

CROSS REFERENCES See Bluetooth Security; Bluetooth Technology; Mobile Commerce; Security and the Wireless Application Protocol (WAP); Wireless Internet: A Cellular Perspective.

REFERENCES 3GPP. (2002). Technical specification group services and system aspects, 3G security, network domain security, IP network layer security. Release 5, 3GPP TS 33.102, version 5.0.0. Retrieved November 15, 2004, from http://www.3gpp.org/ftp/tsg sa/WG3 Security/ Specs/ Old Vsns/33210-500.pdf Amotz, B.-N., Kessler, I., & Moshe, S. (1995). Mobile users: To update or not to update? ACM/Balzer Journal of Wireless Networks, 1, 175–185. Beaulieu, M. (2002). Wireless Internet, applications and architecture. Boston: Addison-Wesley. Bulterman, D. C. A., & Rutledge, L. (2004). SMIL 2.0, interactive multimedia for Web and mobile devices. New York: Springer-Verlag. Brown, D. (1995). Techniques for privacy and authentication in personal communications. IEEE Personal Communications, August 6–10. Dedo, D. (2004). Windows mobile-based devices and security: Protecting sensitive business information. Retrieved November 15, 2004, from www.microsoft.com/ windowsmobile/ Dutta, A., Vakil, F., Chen, J. C., Tauil, M., Baba, S., Nakajima, N., & Schulzrinne, H. (2001). Application layer mobility management scheme for wireless Internet. IEEE 3G Wireless 2001, May. Lee, V., Schnider, H., & Schell, R. (2004). Mobile applications: Architecture, design, and development. Upper Saddle River, NJ: Prentice Hall.

13

Lin, Y.-B., & Chlamtac, I. (2001). Wireless and mobile network architectures. New York: John Wiley & Sons. Lu, W. W. (2002). Broadband wireless mobile, 3G and beyond. New York: John Wiley & Sons. Mallick, M. (2003). Mobile and wireless design essentials. New York: John Wiley & Sons. Mark, J. W., & Zhuang, W. (2004). Wireless communications and networking. Upper Saddle River, NJ: Prentice Hall. Openwave. (2002). WAP push technology overview. Retrieved November 15, 2004 http://developer.openwave. com/docs/wappush tech overview.pdf SOAP Version 1.2. (2003). SOAP version 1.2. Part 1: Messaging framework. Retrieved November 15, 2004, from http://www.w3.org/TR/soap12-part1/ UDDI Version 3.0.1. (2003). UDDI Spec Technical Committee Specification. Retrieved November 15, 2004, from http://uddi.org/pubs/uddi v3.htm W3C Web Service. (2004). Web services architecture requirements. Retrieved November 15, 2004, from http:// www.w3.org/TR/wsa-reqs/#id2604831 WAP 2.0. (2002). Wireless Application Protocol Technical White Paper. Retrieved November 15, 2004, from http:// www.wapforum.org/what/WAPWhite Paper1.pdf Wong, V. W.-S., & Leung, V. C. M. (2000). Location management for next generation personal communication networks. IEEE Network, Sep./Oct., 18–24. WSDL Version 2.0. (2004). Web services description language (WSDL) version 2.0. Part 1: Core language. Retrieved November 15, 2004, from http://www.w3.org/ TR/2004/WD-wsdl20-20040803/ Zhang, T., & Chen, J.-C. (2004). IP-based next-generation wireless networks. New York: Wiley Interscience.